FreeBSD 11.0-RELEASE Release Notes

The FreeBSD Project

IBM, AIX, OS/2,
PowerPC, PS/2, S/390, and ThinkPad are
trademarks of International Business Machines Corporation in the
United States, other countries, or both.

IEEE, POSIX, and 802 are registered
trademarks of Institute of Electrical and Electronics Engineers,
Inc. in the United States.

Intel, Celeron, Centrino, Core, EtherExpress, i386,
i486, Itanium, Pentium, and Xeon are trademarks or registered
trademarks of Intel Corporation or its subsidiaries in the United
States and other countries.

SPARC, SPARC64, and
UltraSPARC are trademarks of SPARC International, Inc in the United
States and other countries. SPARC International, Inc owns all of the
SPARC trademarks and under licensing agreements allows the proper use
of these trademarks by its members.

Many of the designations used by
manufacturers and sellers to distinguish their products are claimed
as trademarks. Where those designations appear in this document,
and the FreeBSD Project was aware of the trademark claim, the
designations have been followed by the “™” or the
“Â®” symbol.

Last modified on 2016-09-22 18:51:37Z by gjb.

Abstract

The release notes for FreeBSD 11.0-RELEASE contain
a summary of the changes made to the FreeBSD base system on the
11.0-STABLE development line. This document lists
applicable security advisories that were issued since the last
release, as well as significant changes to the FreeBSD kernel and
userland. Some brief remarks on upgrading are also
presented.

1.Â Introduction

This document contains the release notes for FreeBSD
11.0-RELEASE. It describes recently added, changed, or
deleted features of FreeBSD. It also provides some notes on
upgrading from previous versions of FreeBSD.

All users are encouraged to consult the release errata
before installing FreeBSD. The errata document is updated with
“late-breaking” information discovered late in the
release cycle or after the release. Typically, it contains
information on known bugs, security advisories, and corrections
to documentation. An up-to-date copy of the errata for FreeBSD
11.0-RELEASE can be found on the FreeBSD Web site.

This document describes the most user-visible new or changed
features in FreeBSD since 10.3-RELEASE. In general, changes
described here are unique to the 11.0-STABLE branch unless
specifically marked as MERGED features.

Typical release note items document recent security
advisories issued after 10.3-RELEASE, new drivers or hardware
support, new commands or options, major bug fixes, or
contributed software upgrades. They may also list changes to
major ports/packages or release engineering practices. Clearly
the release notes cannot list every single change made to FreeBSD
between releases; this document focuses primarily on security
advisories, user-visible changes, and major architectural
improvements.

2.Â Important Notes

This section lists important information for those upgrading
from prior FreeBSD releases.

2.1.Â User-facing Changes

As of r303719,
OpenSSHDSA key
generation has been disabled by default. It is important to
update OpenSSH keys prior to
upgrading. Additionally, Protocol 1
support has been removed.

3.Â Upgrading from Previous Releases of FreeBSD

[amd64,i386] Binary upgrades between RELEASE versions
(and snapshots of the various security branches) are supported
using the freebsd-update(8) utility. The binary upgrade
procedure will update unmodified userland utilities, as well as
unmodified GENERIC kernels distributed as a part of an official
FreeBSD release. The freebsd-update(8) utility requires that
the host being upgraded have Internet connectivity.

Source-based upgrades (those based on recompiling the FreeBSD
base system from source code) from previous versions are
supported, using the instructions in
/usr/src/UPDATING.

4.2.Â Userland Application Changes

When unable to load a kernel module with
kldload(8), a message informing to view output of
dmesg(8) is now printed, opposed to the previous output
“Exec format error.”. [r260594]

The pciconf(8) utility can now
identify PCI devices that are attached to a driver to be
identified by their device name instead of just the selector.
Additionally, the -l flag now accepts an
optional device argument to list details about a single
device. [r260910]

A new flag, “onifconsole”
has been added to /etc/ttys. This allows
the system to provide a login prompt via serial console if the
device is an active kernel console, otherwise it is equivalent
to off. [r260913]

The ping(8) utility has been
updated to use the Capsicum framework to drop priviliges,
protecting against malicious network packets. [r261498]

The ps(1) utility has been
updated to include the -J flag, used to
filter output by matching jail(8) IDs and names.
Additionally, argument 0 can be used to
-J to only list processes running on the
host system. [r265229]

The pmcstat(8) utility has been
updated to include a new flag, -l, which
ends event collection after the specified number of
seconds. [r266209]

The ps(1) utility has been updated
to include a new keyword, “tracer”, which
displays the PID of the tracing
process. [r270745]

Support for adding empty partitions has
been added to the mkimg(1) utility. [r271482]

The primes(6) utility has been
updated to correctly enumerate prime numbers between
4295098369 and
3825123056546413050. Prior to this change,
it was possible for returned values to be incorrectly
identified as prime numbers. [r272166]

The
fstyp(8) utility has been added, which is used to
determine the filesystem on a specified device. [r275680]
(Sponsored by
TheÂ FreeBSDÂ Foundation)

The libedit library
has been updated to support UTF-8, which
additionally provides unicode support to sh(1). [r276881]

The
mkimg(1) utility has been updated to support the
MBREFI partition
type. [r276893]
(Sponsored by
TheÂ FreeBSDÂ Foundation)

The ptrace(2) system call has been
updated include support for Altivec registers on
FreeBSD/powerpc. [r277166]

A new device control utility,
devctl(8) has been added, which allows making
administrative changes to individual devices, such as
attaching and detaching drivers, and enabling and disabling
devices. The devctl(8) utility uses the new
devctl(3) library. [r278320]

The netstat(1) utility has been
updated to use libxo(3) to optionally generate
machine-readable output. [r279122]
(Sponsored by
Juniper Networks, Inc.)

A new flag, -c, has
been added to the mkimg(1) utility, which allows
specifying the capacity of the target disk image. [r279139]

The freebsd-update(8) utility has
been updated to prevent fetching updated binary patches when
a previous upgrade has not been thoroughly completed. [r279571]
(Sponsored by
ScaleEngine, Inc.)

A regression in the libarchive(3)
library that would prevent a directory from being included in
the archive when --one-file-system is used
has been fixed. [r280870]

The
ar(1) utility has been updated to set
ARCHIVE_EXTRACT_SECURE_SYMLINKS and
ARCHIVE_EXTRACT_SECURE_NODOTDOT to disallow
directory traversal when extracting an archive, similar to
tar(1). [r281311]
(Sponsored by
TheÂ FreeBSDÂ Foundation)

A race condition in wc(1) that
would cause final results to be sent to stderr(4) when
receiving the SIGINFO signal has been
fixed. [r281617]

The jexec(8) utility has been
updated to include a new flag, -l, which
ensures a clean environment in the target jail when used.
Additionally, jexec(8) will run a shell within the target
jail when run no commands are specified. [r285420]

The w(1) utility has been updated
to display the full IPv6 remote address of the host from which
a user is connected. [r285550]

The patch(1) utility has been
updated to include a new option to the -V
flag, none, which disables backup file
creation when applying a patch. [r285772]
(Sponsored by
EMC / Isilon Storage Division)

The
ar(1) utility now enables deterministic mode
(-D) by default. This behavior can be
disabled by specifying the -U flag. [r286010]
(Sponsored by
TheÂ FreeBSDÂ Foundation)

The xargs(1) utility has been
updated to allow specifying 0 as an
argument to the -P (parallel mode) flag,
which allows creating as many concurrent processes as
possible. [r286289]
(Sponsored by
ScaleEngine, Inc.)

The patch(1) utility has been
updated to remove the automatic checkout feature. [r286795]

The wireless network stack has
been modified to no longer show physical wireless devices by
default. In order to view available wireless devices on the
system, run sysctl net.wlan.devices. [r287197]
(Sponsored by
Netflix, Nginx, Inc.)

A
new utility, sesutil(8), has been added, which is used
to manage ses(4) (SCSI Environmental
Services) devices. [r287473]
(Sponsored by
Gandi.net)

The pciconf(8) utility has been
updated to use the PCI ID database from the misc/pciids package, if present,
falling back to the PCI ID database in the FreeBSD base
system. [r287522]

The
resolver library has been updated to reload
/etc/resolv.conf if the modification time
has changed. [r289315]
(Sponsored by
Dell, Inc.)

By default the ifconfig(8) utility
will set the default regulatory domain to
FCC on wireless interfaces. As a result,
newly created wireless interfaces with default settings will
have less chance to violate country-specific
regulations. [r300738]

A bug in the ul(1) utility that
caused lines to be truncated at 512 characters has been
fixed. [r302558]

4.3.Â Contributed Software

The binutils
suite of utilities has been updated to include upstream
patches that add new relocations for powerpc
support. [r275718]

Sendmail has
been updated to 8.15.2. Starting with FreeBSDÂ 11.0 and
sendmail 8.15, sendmail uses uncompressed IPv6 addresses by
default, i.e., they will not contain “::”. For
example, instead of “::1”, it will be
“0:0:0:0:0:0:0:1”. This permits a zero subnet to
have a more specific match, such as different map entries for
IPv6:0:0 versus IPv6:0. This change requires that
configuration data (including maps, files, classes, custom
ruleset, etc.) must use the same format, so make certain such
configuration data is in place before upgrading. As a very
simple check search for patterns like 'IPv6:[0-9a-fA-F:]*::'
and 'IPv6::'. To return to the old behavior, set the m4
option confUSE_COMPRESSED_IPV6_ADDRESSES or
the cf option
UseCompressedIPv6Addresses. [r285229]

The
libblacklist(3) library and applications have been ported
from the NetBSD Project. Packet filtering support for the
pf(4) packet filtering systems has been implemented. The
blacklist system provides the
blacklistd daemon, the helper
script blacklistd-helper to make
changes to the running packet filter system and the
blacklistctl control program.
A selection of system daemons, including:
fingerd,
ftpd,
rlogind, and
rshd have been modified to support
sending notifications to the
blacklistd daemon. [r301169]
(Sponsored by
TheÂ FreeBSDÂ Foundation)

4.4.Â Installation and Configuration Tools

The FreeBSD installation utility,
bsdinstall(8), has been updated to set the
canmountzfs(8) property to
off for the /var dataset, preventing the
contents of directories within /var from conflicting when
using multiple boot environments, such as that provided by
sysutils/beadm. [r272274]

The bsdconfig(8) utility has been
updated to skip the initial tzsetup(8)UTC versus wall-clock time prompt when run
in a virtual machine, determined when the
kern.vm_guestsysctl(8) is set to
1. [r274394]

The bsdinstall(8) utility has been
updated to use the new dpv(3) library to display progress
when extracting the FreeBSD distributions. [r275874]

Support for detecting and implementing
aligning partitions on 1Mb boundaries has been added to
bsdinstall(8). [r285557]
(Sponsored by
ScaleEngine, Inc.)

Support for detecting and implementing
a workaround for various laptops and motherboards that do not
boot properly from GPT-partitioned disks
has been added to bsdinstall(8). Additionally, the
active flag will be set on the partition
when needed. [r285679]
(Sponsored by
ScaleEngine, Inc.)

Support for selecting the partitioning
scheme when installing on the UFS
filesystem has been added to bsdinstall(8). [r285679]
(Sponsored by
ScaleEngine, Inc.)

The bsdinstall(8) utility now
supports
a "BIOS+UEFI option
during installation, supporting systems with
UEFI or
BIOS/CSM
capability. [r298243]

The bsdinstall(8) utility has been
updated to include various system hardening options during
installation. [r303447]

4.5.Â /etc/rc.d
Scripts

The rc(8) subsystem has been
updated to allow configuring services in ${LOCALBASE}/etc/rc.conf.d/.
If LOCALBASE is unset, it defaults to
/usr/local. [r270676]

A new rc(8) script,
growfs, has been added, which will resize
the root filesystem to fill the device on boot if
/firstboot exists and
growfs_enable is enabled in
rc.conf(5). [r273955]

The mroutedrc(8) script has been removed from the base system. An
equivalent script is available from the net/mrouted port. [r275299]

The service(8) utility has been
updated to honor entries within /etc/rc.conf.d/. [r287576]
(Sponsored by
ScaleEngine, Inc.)

Two new subcommands have been added to
the rc(8) subsystem. describe shows
an rc script's description, and
extracommands shows any non-standard
commands present in an rc script, like
reload, configtest, or
keygen. [r298515]

4.6.Â /etc/periodic
Scripts

The daily periodic(8) script
110.clean-tmps has been updated to avoid
crossing filesystem mount boundaries when cleaning files in
/tmp. [r271321]

A new
periodic(8) script,
510.status-world-kernel, has been added,
which evaluates the running userland and kernel versions from
the uname(1)-U and
-K arguments, and prints an error if the
system userland and kernel are not in sync. [r277216]
(Sponsored by
TheÂ FreeBSDÂ Foundation)

4.7.Â Runtime Libraries and API

The readline(3) library is now
statically linked in software within the base system, and the
shared library is no longer installed, allowing the Ports
Collection to use a modern version of the library. [r268461]

The strptime(3) library has been
updated to add support for POSIX-2001
features %U and
%W. [r272273]

The
dl_iterate_phdr(3) library has been changed to always
return the path name of the ELF object in
the dlpi_name structure member. [r272848]
(Sponsored by
TheÂ FreeBSDÂ Foundation)

The libxo(3) library has been
imported to the base system. [r273562]
(Sponsored by
Juniper Networks, Inc.)

A
userland library for Chelsio Terminator 5 based iWARP cards
has been added, allowing userland RDMA
applications to work over compatible
NICs. [r273806]
(Sponsored by
Chelsio Communications)

The
procctl(2) system call has been updated to include
a facility for non-init(8) processes to be declared as
the reaper of child processes and their decendants. [r275800]
(Sponsored by
TheÂ FreeBSDÂ Foundation)

The futimens() and
utimensat() system calls have been
added. See utimensat(2) for more information. [r277610]

The elf(3) compile-time dependency
has been removed from dtri.o, which
allows adding DTrace probes to
userland applications and libraries without also linking
against elf(3). [r278934]

The
libgomp library is now only built when
building GCC from the base system. An
up-to-date version is available in the Ports Collection as
devel/libiomp5-devel. [r282973]
(Sponsored by
TheÂ FreeBSDÂ Foundation)

The stdlib.h and
malloc.h headers have been updated to
make use of the gccalloc_align() attribute. [r282988]

The Blowfish crypt(3) library
has been updated to support $2y$ hashes. [r284483]
(Sponsored by
ScaleEngine, Inc.)

4.8.Â ABI Compatibility

The LinuxÂ® compatibility version has
been updated to 2.6.18. The
compat.linux.osreleasesysctl(8) is
evaluated when building the emulators/linux-c6 and related
ports. [r271982]

The stack protector has been upgraded to
the "strong" level, elevating the protection against buffer
overflows. While this significantly improves the security of
the system, extensive testing was done to ensure there are no
measurable side effects in performance or
functionality. [r288669]

5.Â Kernel

This section covers changes to kernel configurations, system
tuning, and system control parameters that are not otherwise
categorized.

5.1.Â Kernel Bug Fixes

A kernel bug that inhibited proper
functionality of the dev.cpu.0.freqsysctl(8) on IntelÂ® processors with Turbo
BoostÂ ™ enabled has been fixed. [r265876]

Support for dtrace(1) stack tracing
has been fixed for FreeBSD/powerpc, using the
trapexit() and
asttrapexit() functions instead of checking
within addressed kernel space. [r271697]

The kqueue(2) system call has been
updated to handle write events to files larger than 2
gigabytes. [r287886]
(Sponsored by
Multiplay)

5.2.Â Kernel Configuration

The IMAGACT_BINMISC
kernel configuration option has been enabled by default,
which enables application execution through emulators, such
as QEMU via
binmiscctl(8). [r266531]

The VT kernel
configuration file has been removed, and the vt(4)
driver is included in the GENERIC kernel.
To enable vt(4), enter set kern.vty=vt
at the loader(8) prompt during boot, or add
kern.vty=vt to loader.conf(5) and
reboot the system. [r268045]

The config(8) utility has been
updated to allow using a non-standard src/ tree, specified as an
argument to the -s flag. [r277904]

The FreeBSD/powerpc64 kernel now
builds as a position-independent executable, allowing the
kernel to be loaded into and run from any physical or virtual
address. [r277990]

Important:

This change requires an update to loader(8).
The userland and kernel must be updated before rebooting the
system.

A new module for creating
rpi.dtb has been added for the Raspberry
Pi. [r278338]

[arm] The
rpi.dtb module is now installed to
/boot/dtb/ by
default for the Raspberry Pi system. [r278340]

Kernel
support for Vector-Scalar eXtension (VSX)
found on POWER7 and POWER8 hardware has been added. [r279189]
(Sponsored by
TheÂ FreeBSDÂ Foundation)

The
pmap(9) implementation for 64-bit PowerPCÂ® processors
has been overhaulded to improve concurrency. [r279252]
(Sponsored by
TheÂ FreeBSDÂ Foundation)

A new module for creating the
dtb module for ARM AM335x systems has
been added. [r279824]

The
PAE_TABLES kernel configuration option has
been added for FreeBSD/i386, which instructs pmap(9)
to use PAE format for page tables while
maintaining a 32-bit physical address size elsewhere in the
kernel. The use of this option can enhance application-level
security by enabling the creation of “no execute”
mappings on modern i386 processors. Unlike the
PAE option, PAE_TABLES
preserves kernel binary interface (KBI)
compatibility with non-PAE kernels,
allowing non-PAE kernel modules and drivers
to work with a PAE_TABLES-enabled kernel.
Additionally, system limits are tuned for 4GB maximum
RAM, avoiding kernel virtual address space
(KVA) exhaustion. [r281495]
(Sponsored by
TheÂ FreeBSDÂ Foundation)

The SIFTR kernel
configuration has been added, allowing building siftr(4)
statically into the kernel. [r282215]

The ARM boot loader,
ubldr, is now relocatable. In addition,
ubldr.bin is now created during build
time, which is a stripped binary with an entry point of
0, providing the ability to specify the
load address by running go
${loadaddr} in
u-boot. [r282731]

[amd64,i386] The nvd(4) and nvme(4) drivers are
now included in the GENERIC kernel
configuration by default. [r282921]
(Sponsored by
Intel Corporation)

A new kernel configuration option,
EM_MULTIQUEUE, has been added which enables
multi-queue support in the em(4) driver. [r283959]
(Sponsored by
Limelight Networks)

Note:

Multi-queue support in the em(4) driver is not
officially supported by IntelÂ®.

The GENERIC kernel
configuration has been updated to include the
IPSEC option by default. [r285142]
(Sponsored by
Netgate)

Support for running CloudABI executables
on amd64 and arm64 has been added. CloudABI is a runtime
environment that uses capability-based security exclusively,
similar to capsicum(4) always being enabled. It allows
designing, implementing and testing strongly sandboxed
applications more easily. [r285307]

The pms(4) driver has been added
to the GENERIC kernel configuration for
supported architectures. [r286231]

The CUBIEBOARD2
kernel configuration has been renamed to
A20 to add support for other boards with
the A20 processor, such as the Banana
Pi. [r287306]

Kernel
debugging symbols are now installed to /usr/lib/debug/boot/kernel/.
To retain the previous behavior, add
KERN_DEBUGDIR="" to
src.conf(5). [r288176]
(Sponsored by
TheÂ FreeBSDÂ Foundation)

Support for POSIX asynchronous I/O is
now included in the kernel by default. The
VFS_AIO kernel option and
aio.ko kernel module have been removed.
Asynchronous I/O operations on sockets, local files, and
disk devices are permitted by default. However, operations
on other file types are disabled. See the aio(4)
manual page for more details. [r296277]
(Sponsored by
Chelsio Communications)

[arm64] arm64 has been switched over to using
INTRNG by default. [r301565]
(Sponsored by
TheÂ FreeBSDÂ Foundation)

5.3.Â System Tuning and Controls

The
hwpmc(4) default and maximum callchain depths have been
increased. The default has been increased from 16 to 32, and
the maximum increased from 32 to 128. [r275140]
(Sponsored by
TheÂ FreeBSDÂ Foundation)

The kern.osrelease
and kern.osreldate are now configurable
jail(8) parameters. [r279361]

The devfs(5) device filesystem has been changed to
update timestamps for read/write operations using seconds
precision. A new sysctl(8),
vfs.devfs.dotimes has been added, which
when set to a non-zero value, enables default precision
timestamps for these operations. [r280949]
(Sponsored by
iXsystems, TheÂ FreeBSDÂ Foundation)

A new
sysctl(8), kern.racct.enable, has been
added, which when set to a non-zero value allows using
rctl(8) with the GENERIC kernel.
A new kernel configuration option,
RACCT_DISABLED has also been added. [r282213]
(Sponsored by
TheÂ FreeBSDÂ Foundation)

The
GENERIC kernel configuration now includes
RACCT and RCTL by
default. [r282901]
(Sponsored by
TheÂ FreeBSDÂ Foundation)

Note:

To enable RACCT and
RCTL on a system using the
GENERIC kernel configuration, add
kern.racct.enable=1 to
loader.conf(5), and reboot the system.

A new sysctl(8),
net.inet.tcp.hostcache.purgenow, has
been added, which when set to 1 during
runtime will flush all
net.inet.tcp.hostcache entries. [r283136]
(Sponsored by
Limelight Networks)

A new sysctl(8),
hw.model, has been added, which displays
CPU model information. [r285524]

The uart(4) driver has been
updated to allow tuning pulses per second captured in the
CTS line during runtime, whereas previously only the DCD line
could be used without rebuilding the kernel. [r286591]

6.Â Devices and Drivers

This section covers changes and additions to devices and
device drivers since 10.3-RELEASE.

6.1.Â Device Drivers

The full(4) device has been added,
and the lindev(4) device has been removed.
Prior to this change, lindev(4) provided
only the /dev/full character device,
returning ENOSPC on write attempts. As
this device is not specific to LinuxÂ®, a native FreeBSD version
has been added. [r265132]

Hardware context support has been
added to the drm/i915 driver, adding
support for Mesa 9.2 and
later. [r271705]

The vt(4) driver has been updated,
replacing the bitmapped kern.vt.spclkeyssysctl(8) with individual
kern.vt.kbd_* variants. [r273178]

The hpet(4) driver has been updated
to create a
/dev/hpetN
device, providing access to HPET from
userspace. [r273598]

The drm code has
been updated to match LinuxÂ® version 3.8.13. [r280183]

The psm(4) driver has been updated
to include improved support for newer SynapticsÂ Â®
touchpads and the ClickPadÂ Â® mouse on newer
LenovoÂ ™ laptops. [r281440]

Support for the Freescale
PCI Root Complex device has been
added to FreeBSD/powerpc. [r282783]

The cyapa(4) driver has been added,
supporting the Cypress APA I2C trackpad. [r285876]

6.2.Â Storage Drivers

The mrsas(4) driver has been added,
providing support for LSI MegaRAID SAS controllers. The
mfi(4) driver will attach to the controller, by default.
To enable mrsas(4) add
hw.mfi.mrsas_enable=1 to
/boot/loader.conf, which turns off
mfi(4) device probing. [r265555]
(Sponsored by
LSI)

Note:

At this time, the mfiutil(8) utility and the FreeBSD
version of MegaCLI and
StorCli do not work with
mrsas(4).

The
ctl(4) subsystem has been updated, increasing the ports
limit from 128 to 256,
and LUN limit from 256
to 1024. [r275461]
(Sponsored by
iXsystems)

The asr(4) driver has
been removed, and is no longer supported. [r276526]

6.3.Â Network Drivers

Support for Broadcom chipsets BCM57764,
BCM57767, BCM57782, BCM57786 and BCM57787 has been added to
bge(4). [r258830]

The deprecated nve(4) driver has been
removed. Users of NVIDIA nForce MCP network adapters are
advised to use the nfe(4) driver instead, which has been
the default driver for this hardware since
FreeBSDÂ 7.0. [r261975]

The if_nf10bmac(4)
device has been added, providing support for NetFPGA-10G
Embedded CPU Ethernet Core. [r264601]
(Sponsored by
DARPA, AFRL)

Note:

The if_nf10bmac(4) driver operates on
the FPGA, and is not suited for the PCI host
interface.

The ath_hal(4) driver has been
updated to support the Atheros AR1111 chipset. [r265348]
(Sponsored by
Netgate)

The iwn(4) driver was added,
providing support for the IntelÂ® Centrino™ Wireless-N
105 and 135 chipsets. [r266770]

Support for the cxgbe(4) Terminator
5 (T5) 10G/40G cards has been added to netmap(4). [r266757]
(Sponsored by
Chelsio Communications)

The alc(4) driver has been updated
to support AR816x and AR817x ethernet controllers. [r272730]

The pf(4) packet filter default
hash has been changed from Jenkins to
Murmur3, providing a 3-percent performance
increase in packets-per-second. [r272906]

The vxlan(4) driver has been added,
which creates a virtual Layer 2 (Ethernet) network overlaid in
a Layer 3 (IP/UDP) network. The vxlan(4) driver is
analogous to vlan(4), but is designed to be better suited
for large, multiple-tenant datacenter environments. [r273331]

The
gre(4) driver has been significantly overhauled, and has
been split into two separate modules, gre(4) and
me(4). [r274246]
(Sponsored by
Yandex LLC)

The ral(4) driver has been updated
to support the RT5390 and RT5392 chipsets. [r278551]

The sfxge(4) driver has been
updated to support Solarflare Flareon Ultra 7000-series
chipsets. [r283514]
(Sponsored by
Solarflare Communications, Inc.)

The cdce(4) driver has been updated
to include support for the RTL8153 chipset. [r284125]

The iwm(4) driver has been imported
from OpenBSD, providing support for IntelÂ® 3160/7260/7265
wireless chipsets. [r286441]

The em(4) driver has been updated
to allow disabling CRC stripping. [r286829]
(Sponsored by
Limelight Networks)

The pf(4) implementation has been
updated to remove support for the scrub fragment
crop|drop-ovl filtering rule. Systems with this
rule in pf.conf(5) will implicitly be converted to the
scrub fragment reassemble filtering rule,
without necessary intervention. [r287222]

The lagg(4) driver has been updated
to remove support for the fec
protocol. [r288654]

The dummynet(4) driver has been
updated to include support for AQM (Active
Queue Management), adding support for PIE
(Proportional Integral controller Enhanced) and
FQ-PIE (Fair Queueing Proportional Integral
controller Enhanced). [r300779]

7.Â Hardware Support

This section covers general hardware support for physical
machines, hypervisors, and virtualization environments, as well
as hardware changes and updates that do not otherwise fit in
other sections of this document.

7.1.Â Hardware Support

The asmc(4) driver has been
updated to support the AppleÂ®Â MacMini 3,1. [r268303]

Support for FreeBSD/ia64 (Itanium) has been
dropped as of FreeBSDÂ 11. [r268351]

An issue that could cause a system to
hang when entering ACPIS3 state (suspend to
RAM) has been corrected in the acpi(4)
and pci(4) drivers. [r274386]

The power management unit
subsystem has been updated to support power button events on
certain PowerPC hardware, such as aluminum
PowerBookÂ Â®. [r274733]

The hwpmc(4) driver has been
updated to correct performance counter sampling on PowerPC G4
(MPC74xxx) and G5 class processors. [r275190]

The
OpenCrypto framework has been
updated to include AES-ICM and
AES-GCM modes, both of which have also been
added to the aesni(4) driver. [r275732]
(Sponsored by
TheÂ FreeBSDÂ Foundation,Netgate)

[powerpc] The hwpmc(4)
driver has been updated to support the Freescale e500
core. [r281713]

The ig4(4) driver has been added,
providing support for the fourth generation IntelÂ®
I2C SMBus. [r283766]

The uart(4) driver has been updated to support
AMT devices on newer systems.

[arm64] Initial SMP support has been
added to the FreeBSD/arm64 port. [r285316]
(Sponsored by
TheÂ FreeBSDÂ Foundation)

The e500mc and e5500 PowerPC cores are
now supported, supporting most QorIQ systems. [r297977]

SMP for Multicore
Freescale QorIQ systems now works correctly for SoCs with the
AP cores in boot holdoff mode (not in
spinloop wait mode). [r298237]

Native PCI-express HotPlug support is
enabled by default on amd64, arm64, and
powerpc. This feature has exposed compatibility issues
on some hardware that result in missing devices or a hang
during boot. To work around such issues, run set
hw.pci.enable_pcie_hp=0 in the boot loader, and
add hw.pci.enable_pcie_hp=0 to
/boot/loader.conf. [r299142]

7.2.Â Virtualization Support

Support for the “Virtual Interrupt
Delivery” feature of IntelÂ®Â VT-x is enabled if
supported by the CPU. This feature can be disabled by running
sysctl hw.vmm.vmx.use_apic_vid=0.
Additionally, to persist this setting across reboots, add
hw.vmm.vmx.use_apic_vid=0 to
/etc/sysctl.conf. [r260410]

Support for “Posted Interrupt
Processing” is enabled if supported by the CPU. This
feature can be disabled by running sysctl
hw.vmm.vmx.use_apic_pir=0. Additionally, to
persist this setting across reboots, add
hw.vmm.vmx.use_apic_pir=0 to
/etc/sysctl.conf. [r260532]

Support for running a FreeBSD/amd64
Xen guest instance as
PVH guest has been added.
PVH mode, short for “Para-Virtualized
Hardware”, uses para-virtualized drivers for boot and
I/O, and uses hardware virtualization extensions for all other
tasks, without the need for emulation. [r267536]
(Sponsored by
Citrix Systems R&D)

The bhyve(8) hypervisor has been
updated to support AMDÂ® processors with
SVM and AMD-V hardware
extensions. [r273375]

Support for PCI Single Root I/O
Virtualization (SR-IOV) has been introduced, allowing the
creation of PCI Virtual Functions (VFs) for device drivers
that support SR-IOV. See iovctl(8) for details on
creating and configuring VFs. [r279463]
(Sponsored by
Sandvine, Inc.)

The bhyve(8) hypervisor has been
updated to support DSM TRIM commands for
virtual AHCI disks. [r279957]

Support for GPIO, Sensors and interrupts
on AXP209 power management integrated circuits have been
added. [r300777]

8.Â Storage

This section covers changes and additions to file systems
and other storage subsystems, both local and networked.

8.1.Â General Storage

The
ctl(4)LUN mapping has been rewritten,
replacing iSCSI-specific mapping mechanisms
with a new mechanism that works for any port. [r278037]
(Sponsored by
iXsystems)

The
ctld(8) utility has been updated to allow controlling
non-iSCSIctl(4) ports. [r278354]
(Sponsored by
iXsystems)

The
autofs(5) subsystem has been updated to include a new
auto_master(5) map, -media, which
allows automatically mounting removable media, such as
CD drives or USB flash
drives. [r275681]
(Sponsored by
TheÂ FreeBSDÂ Foundation)

The GELI class has
been updated to support the BIO_DELETEg_bio(9)bio_cmd field, providing
TRIM/UNMAP support on
GELI-backed SSD storage
providers. [r286444]

The camdd(8) utility has been
added, which allows copying data sequentially to and from
SCSI devices, files, block devices and tape
drives. If the source and/or destination is
a SCSI disk, camdd(8) can use the
asynchronous pass(4) interface to queue multiple I/Os for
improved speed. (ATA passthrough support for camdd(8) is
in development.) [r291716]
(Sponsored by
Spectra Logic)

The pass(4)SCSI/ATA passthrough
driver now has an asynchronous interface. User applications
may queue many requests, get notification of completion via
kqueue(2) and retrieve status later. camdd(8) is an
example application using the interface. [r291716]
(Sponsored by
Spectra Logic)

Support
for parsing libucl-based configuration files has been added to
ctld(8). [r295212]
(Sponsored by
iXsystems)

The ahci(4) driver has been updated
to add NCQTRIM support
for drives that support it. [r298002]
(Sponsored by
Netflix)

Note:

Drives that advertise this feature but do not properly
support it have been blacklisted. Systems experiencing
traffic problems with NCQTRIM enabled can set the
kern.cam.ada.%d.quirks tunable to
2 for 512k sectors or
3 for 4096k sectors, replacing
%d with the drive number.

The cam(4) driver has been updated to
allow I/O scheduling tuning to fit workload and drive
characteristics. This option is off by default, and can be
enabled by adding option
CAM_IOSCHED_ADAPTIVE option to the kernel
configuration and recompiling the kernel. [r298002]
(Sponsored by
Netflix)

Leading spaces are now stripped off
SCSI disk serial numbers when populating
the CAM serial number. This affects the output of
diskinfo(8) and the names of
/dev/diskid/DISK-* device nodes, among
other things. [r300880]
(Sponsored by
Spectra Logic)

Support for managing Shingled
Magnetic Recording (SMR) drives has been added. [r300207]
(Sponsored by
Spectra Logic)

Support
for the timeo, actimeo,
noac, and proto options
have been added to mount_nfs(8). [r273849]
(Sponsored by
TheÂ FreeBSDÂ Foundation)

The Mellanox implementation of iSER
(iSCSI Extensions for RDMA) has been imported. [r300723]

The
ability to discover iSCSI targets without having to attach to
a target has been added to the iscsictl(8)
command. [r301033]
(Sponsored by
TheÂ FreeBSDÂ Foundation)

8.3.Â ZFS

The arc_meta_limit
statistics are now visible through the
kstatsysctl(8). As a result of this
change, the vfs.zfs.arc_meta_usedsysctl(8) has been removed, and replaced with the
kstat.zfs.misc.arcstats.arc_meta_usedsysctl(8). [r275748]

The zfs(8)l2arc
code has been updated to take ashift into
account when gathering buffers to be written to the
l2arc device. [r287099]
(Sponsored by
ClusterHQ)

Four
new resources have been added to rctl(8) to allow
throttles to be set on filesystem IO. [r297633]
(Sponsored by
TheÂ FreeBSDÂ Foundation)

The zfsd daemon has been added, which manages
hotspares and replements in drive slots that publish physical
paths. [r300906]
(Sponsored by
iXsystems, Spectra Logic)

The minimum and maximum values for the
ZFS adaptive replacement cache can be modified at
runtime. [r302265]
(Sponsored by
Multiplay)

Support for the
disklabel64 partitioning scheme has been
added to gpart(8). [r267359]

Support for the
apple-boot, apple-hfs,
and apple-ufsMBR
partitioning schemes have been added to gpart(8). [r282465]

The gpart(8) utility has been
updated to include a new attribute for GPT
partitions, lenovofix, which when set,
which works around BIOS compatibility
issues reported on several LenovoÂ ™ laptops. [r285594]
(Sponsored by
ScaleEngine, Inc.)

9.Â Boot Loader Changes

This section covers the boot loader, boot menu, and other
boot-related changes.

9.1.Â Boot Loader Changes

The
memory test run at boot time on FreeBSD/amd64 platforms
has been disabled by default. [r258431]
(Sponsored by
TheÂ FreeBSDÂ Foundation)

A new ttys(5) class,
3wire, has been added. This is similar to
the existing terminal classes, but does not have a defined
baudrate. [r262955]

Number of times the code was activated to attempt
downshifting the MSS

net.inet.tcp.pmtud_blackhole_min_activated

Number of times the blackhole
MSS was used in an attempt to
downshift

net.inet.tcp.pmtud_blackhole_failed

Number of times that the blackhole failed to
connect after downshifting the
MSS

Support for IP
identification for atomic datagrams (RFC
6864) has been added. Support for this feature can be toggled
with the net.inet.ip.rfc6864sysctl(8), which is enabled by default. [r280971]
(Sponsored by
Netflix, Nginx, Inc.)

The IPSEC has been
updated to include support for AES modes on
both software-only and hardware-backed (aesni(4))
systems. [r285336]
(Sponsored by
Netgate)

The
network stack has been updated to fix handling of
IPv6 On-Link redirects. [r287798]
(Sponsored by
Dell, Inc.)

Support
to be able to reroot into a NFSv4 volume has been
added. [r299848]
(Sponsored by
TheÂ FreeBSDÂ Foundation)

The net.inet.tcp.ecn.enable sysctl mib
has been changed from a binary off/on control to a three way
setting. [r300240]

11.Â Release Engineering and Integration

This section convers changes that are specific to the
FreeBSDÂ Release Engineering processes.

11.1.Â Integration Changes

The
Release Engineering build tools have been updated to include
support for producing virtual machine disk images for various
cloud hosting providers. [r277458]
(Sponsored by
TheÂ FreeBSDÂ Foundation)

The Release Engineering build tools have
been updated to use multi-threaded xz(1). By default,
the number of xz(1) threads is set to the number of cores
available. [r278926]

The
Release Engineering build tools have been updated to include
support for building FreeBSD/arm64 virtual machine and
memory stick installation images. [r281802]
(Sponsored by
TheÂ FreeBSDÂ Foundation)

The
Release Engineering build tools have been updated to support
building FreeBSD/arm images without external utilities for
supported boards where a corresponding
u-boot port exists in the Ports
Collection. [r282693]
(Sponsored by
TheÂ FreeBSDÂ Foundation)

The
FreeBSD/i386 memory stick installation images are now
created using the mkimg(1) utility, matching the way
the FreeBSD/amd64 images are created. [r283307]
(Sponsored by
TheÂ FreeBSDÂ Foundation)